Security flaw found in ES File Explorer app (Update: Patch incoming)
Update, January 17, 2019 (10:53 AM ET): We just received word from ES App Group, the creators of ES File Explorer. The company informed us that the HTTP vulnerability as described in the article below has been fixed.
However, the new version of the app still awaits approval to launch on the Google Play Store, so it might take a few days for the patched version to go live.
The company also apologized for the security flaw being there in the first place. Keep an eye out on the ES File Explorer listing on the Play Store to see when it will be updated with the new patch.
Original Article, January 16, 2019 (10:07 AM ET): If you use the popular Android app ES File Explorer on any of your Android smartphones or tablets, be careful: a security researcher has found a vulnerability in the app which would allow a hacker to access sensitive information on your device (via TechCrunch).
ES File Explorer — which has over 100 million installs on the Google Play Store — is a very simple and effective file manager app for Android. The app is totally free with an option to upgrade to ES File Manager Pro, which removes advertisements and offers a selection of new features.
According to Baptiste Robert — a French security researcher who uses the alias “Elliot Alderson” in some online forums — the ES File Explorer app includes a tiny hidden web server. Although Robert is not totally certain why the web server is there (he posits it might have to do with streaming video to other apps using HTTP), he did conclude that any hacker on the same network as the device could use the open ports the web server listens on to gain access to the device.
Once the hacker gains access through the open port, they could theoretically take almost any file from the Android device — including photos, videos, text files, etc. — and transfer it to any other server they also had access to. They could also remotely launch apps on the exploited device.
Obviously, this vulnerability only becomes a problem if you are on the same network as the hacker, which usually involves being connected to the same Wi-Fi network. In other words, the dangers of this vulnerability while you are at home are slim-to-none, but the dangers rise sharply if you are on a public network such as those at coffee shops, airports, libraries, etc.
We attempted to contact ES App Group, the creators of ES File Explorer, to get a statement on this security issue. However, we did not hear back before press time. We will update this article if and when we receive a response (ED: See above for statement).
In the meantime, will this stop you from using ES File Explorer? If so, here’s a list of alternatives, or sound off in the comments with your file explorer app of choice.
Source: Android Zone
The post Security flaw found in ES File Explorer app (Update: Patch incoming) appeared first on TuneMaster.ml.